Search
Total
831 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31476 | 1 Intel | 1 System Usage Report | 2023-08-08 | N/A | 5.5 MEDIUM |
| Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2022-26051 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal. | |||||
| CVE-2022-0093 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab allows a user with an expired password to access sensitive information through RSS feeds. | |||||
| CVE-2022-33311 | 1 Cybozu | 1 Office | 2023-08-08 | N/A | 4.3 MEDIUM |
| Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors. | |||||
| CVE-2022-3317 | 1 Google | 2 Android, Chrome | 2023-08-08 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2021-44837 | 1 Deltarm | 1 Delta Rm | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/referentiel/json/create/categorie endpoint, using the id_cat1 query parameter to indicate the risk. | |||||
| CVE-2021-33104 | 1 Intel | 1 One Boot Flash Update | 2023-08-08 | N/A | 5.5 MEDIUM |
| Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2022-40843 | 1 Tenda | 2 Ac1200 V-w15ev2, W15e Firmware | 2023-08-08 | N/A | 4.9 MEDIUM |
| The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator's user account. | |||||
| CVE-2022-39190 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-08-08 | N/A | 5.5 MEDIUM |
| An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. | |||||
| CVE-2021-39631 | 1 Google | 1 Android | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In clear_data_dlg_text of strings.xml, there is a possible situation when "Clear storage" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-193890833 | |||||
| CVE-2022-22654 | 1 Apple | 2 Safari, Watchos | 2023-08-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing. | |||||
| CVE-2022-41783 | 1 Tp-link | 2 Re3000, Re3000 Firmware | 2023-08-08 | N/A | 5.5 MEDIUM |
| tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function. | |||||
| CVE-2022-28718 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin. | |||||
| CVE-2022-28749 | 1 Zoom | 1 On-premise Meeting Connector Multimedia Router | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. As a result, a threat actor in the Zooms waiting room can join the meeting without the consent of the host. | |||||
| CVE-2021-44838 | 1 Deltarm | 1 Delta Rm | 2023-08-08 | 5.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax-details endpoint, with a POST request indicating the risk to access with the id parameter, it is possible for users to access risks of other companies. | |||||
| CVE-2022-22660 | 1 Apple | 1 Macos | 2023-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI. | |||||
| CVE-2022-1741 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2023-08-08 | 7.2 HIGH | 6.8 MEDIUM |
| The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code. | |||||
| CVE-2022-1520 | 1 Mozilla | 1 Thunderbird | 2023-08-08 | N/A | 4.3 MEDIUM |
| When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A might be shown with the security status of message B. This vulnerability affects Thunderbird < 91.9. | |||||
| CVE-2021-39017 | 3 Ibm, Linux, Microsoft | 3 Engineering Lifecycle Optimization Publishing, Linux Kernel, Windows | 2023-08-08 | N/A | 6.5 MEDIUM |
| IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725. | |||||
| CVE-2022-0373 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 3.5 LOW | 4.3 MEDIUM |
| Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address | |||||
| CVE-2021-37791 | 1 Myadmin Project | 1 Myadmin | 2023-08-08 | 4.0 MEDIUM | 4.9 MEDIUM |
| MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin. | |||||
| CVE-2022-3044 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-08-08 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||||
| CVE-2021-44854 | 1 Mediawiki | 1 Mediawiki | 2023-08-08 | N/A | 5.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis. | |||||
| CVE-2022-29773 | 1 Aleksis | 1 Aleksis | 2023-08-08 | 3.5 LOW | 6.5 MEDIUM |
| An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set. | |||||
| CVE-2021-43129 | 1 D2l | 1 Brightspace | 2023-08-08 | 5.8 MEDIUM | 6.5 MEDIUM |
| A bypass exists for Desire2Learn/D2L Brightspace’s “Disable Right Click” option in the quizzing feature, which allows a quiz-taker to access print and copy functionality via the browser’s right click menu even when “Disable Right Click” is enabled on the quiz. | |||||
| CVE-2022-3047 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-08-08 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. | |||||
| CVE-2022-26581 | 1 Paxtechnology | 2 A930, Paydroid | 2023-08-08 | N/A | 6.8 MEDIUM |
| PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The attacker must have physical USB access to the device in order to exploit this vulnerability. | |||||
| CVE-2022-26054 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link. | |||||
| CVE-2022-1716 | 1 Kitetech | 1 Keep My Notes | 2023-08-08 | 2.1 LOW | 4.6 MEDIUM |
| Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation. | |||||
| CVE-2022-32945 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-08-08 | N/A | 4.3 MEDIUM |
| An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods. | |||||
| CVE-2022-38770 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2023-08-08 | N/A | 5.3 MEDIUM |
| The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch other users' data upon a successful login request. | |||||
| CVE-2022-0803 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2023-08-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2022-27661 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow. | |||||
| CVE-2022-45475 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2023-08-08 | N/A | 6.5 MEDIUM |
| Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control. | |||||
| CVE-2022-26368 | 1 Cybozu | 1 Garoon | 2023-08-08 | 5.5 MEDIUM | 5.4 MEDIUM |
| Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet. | |||||
| CVE-2022-29855 | 1 Mitel | 18 6865i Sip, 6865i Sip Firmware, 6867i Sip and 15 more | 2023-08-08 | 7.2 HIGH | 6.8 MEDIUM |
| Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution. | |||||
| CVE-2022-31708 | 1 Vmware | 1 Vrealize Operations | 2023-08-08 | N/A | 4.9 MEDIUM |
| vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4. | |||||
| CVE-2022-3056 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-08-08 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2022-1867 | 1 Google | 1 Chrome | 2023-08-08 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content. | |||||
| CVE-2022-20288 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204082360 | |||||
| CVE-2022-20287 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204082784 | |||||
| CVE-2022-31683 | 1 Pivotal Software | 1 Concourse | 2023-08-08 | N/A | 5.4 MEDIUM |
| Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team. | |||||
| CVE-2022-20285 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230868108 | |||||
| CVE-2022-2512 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing a former project members to read updates via TODOs. | |||||
| CVE-2022-29471 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin. | |||||
| CVE-2022-20332 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180019130 | |||||
| CVE-2022-2622 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2023-08-08 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. | |||||
| CVE-2022-2539 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization. | |||||
| CVE-2022-20289 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-203683960 | |||||
| CVE-2022-32583 | 1 Cybozu | 1 Office | 2023-08-08 | N/A | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors. | |||||